
Commit ad7c2ae6 authored by Song Chun Fan's avatar Song Chun Fan Committed by Android (Google) Code Review

Merge "[um] Suppress StrictMode warnings for user data destruction when the...

Merge "[um] Suppress StrictMode warnings for user data destruction when the user is locked" into main
parents 9daaeb5a da61cd99
+40 −0
@@ -272,6 +272,7 @@ public final class StrictMode {
            DETECT_VM_UNTAGGED_SOCKET,
            DETECT_VM_NON_SDK_API_USAGE,
            DETECT_VM_IMPLICIT_DIRECT_BOOT,
            DETECT_VM_CREDENTIAL_PROTECTED_WHILE_LOCKED,
            DETECT_VM_INCORRECT_CONTEXT_USE,
            DETECT_VM_UNSAFE_INTENT_LAUNCH,
            DETECT_VM_BACKGROUND_ACTIVITY_LAUNCH_ABORTED,
@@ -1613,6 +1614,45 @@ public final class StrictMode {
                        sVmPolicy.mCallbackExecutor);
    }

    /**
     * Disable the detection of the access to filesystem paths stored in credential protected
     * storage areas while the user is locked. Used by the system server to disable the
     * detection when it deletes user data files during user removal while the user is locked.
     * Returns whether it was enabled previously.
     *
     * @hide
     */
    public static boolean getAndDisableCredentialProtectedWhileLocked() {
        synchronized (StrictMode.class) {
            final boolean previouslyEnabled =
                    (sVmPolicy.mask & DETECT_VM_CREDENTIAL_PROTECTED_WHILE_LOCKED) != 0;
            sVmPolicy =
                    new VmPolicy(
                            sVmPolicy.mask & ~(DETECT_VM_CREDENTIAL_PROTECTED_WHILE_LOCKED),
                            sVmPolicy.classInstanceLimit,
                            sVmPolicy.mListener,
                            sVmPolicy.mCallbackExecutor);
            return previouslyEnabled;
        }
    }

    /**
     * Enable the detection of the access to filesystem paths stored in credential protected
     * storage areas while the user is locked.
     *
     * @hide
     */
    public static void enableCredentialProtectedWhileLocked() {
        synchronized (StrictMode.class) {
            sVmPolicy =
                    new VmPolicy(
                            sVmPolicy.mask | DETECT_VM_CREDENTIAL_PROTECTED_WHILE_LOCKED,
                            sVmPolicy.classInstanceLimit,
                            sVmPolicy.mListener,
                            sVmPolicy.mCallbackExecutor);
        }
    }

    @UnsupportedAppUsage
    private static final ThreadLocal<ArrayList<ViolationInfo>> violationsBeingTimed =
            new ThreadLocal<ArrayList<ViolationInfo>>() {
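Review bot: The Javadoc on `getAndDisableCredentialProtectedWhileLocked()` does not say that the bit is cleared in the static `sVmPolicy`, which means for every thread in the process, or that the disable/enable pair is not nesting-aware. With two overlapping callers the second one gets `false` back, and the first caller's `enableCredentialProtectedWhileLocked()` turns detection back on while the second is still inside its window. I would add a sentence such as `Affects the process-wide VM policy; callers must restore it in a finally block and must not overlap with other callers.` and replace the prose "Returns whether it was enabled previously." with `@return {@code true} if the detection was enabled before this call`.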
+13 −0
@@ -17,6 +17,8 @@
package android.os;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

import androidx.test.ext.junit.runners.AndroidJUnit4;

@@ -60,4 +62,15 @@ public class StrictModeTest {
        StrictMode.setThreadPolicyMask(0);
        assertEquals(0, StrictMode.getThreadPolicyMask());
    }

    @Test
    public void testCredentialProtectedWhileLockedMask() {
        // First set it disabled
        assertFalse(StrictMode.getAndDisableCredentialProtectedWhileLocked());
        // Then set it enabled
        StrictMode.enableCredentialProtectedWhileLocked();
        // Then disable it and expect it to be disabled
        assertTrue(StrictMode.getAndDisableCredentialProtectedWhileLocked());
        assertFalse(StrictMode.getAndDisableCredentialProtectedWhileLocked());
    }
}
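Review bot: The first `assertFalse(StrictMode.getAndDisableCredentialProtectedWhileLocked())` in `testCredentialProtectedWhileLockedMask` asserts that the detection bit was already off when the test started, although its comment only says "First set it disabled"; the result depends on whatever VM policy the test process happens to have. Calling the method once without asserting on its result would make the baseline explicit, e.g. `StrictMode.getAndDisableCredentialProtectedWhileLocked(); // baseline, prior state ignored`. If an assertion fails after `enableCredentialProtectedWhileLocked()`, the bit also stays set for the rest of the process. Capturing `StrictMode.getVmPolicy()` at the start and restoring it with `StrictMode.setVmPolicy(...)` in a `finally` would keep the change from leaking into other tests.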
+8 −0
@@ -23,6 +23,7 @@ import android.content.pm.UserInfo;
import android.os.Environment;
import android.os.FileUtils;
import android.os.RecoverySystem;
import android.os.StrictMode;
import android.os.SystemProperties;
import android.os.UserHandle;
import android.os.storage.StorageManager;
@@ -181,6 +182,9 @@ class UserDataPreparer {

    void destroyUserDataLI(String volumeUuid, int userId, int flags) {
        final StorageManager storage = mContext.getSystemService(StorageManager.class);
        // Allow user data destruction to run while the user is locked.
        final boolean wasCredentialProtectionWhileLockedEnabled =
                StrictMode.getAndDisableCredentialProtectedWhileLocked();
        try {
            // Clean up app data, profile data, and media data
            mInstaller.destroyUserData(volumeUuid, userId, flags);
@@ -207,6 +211,10 @@ class UserDataPreparer {
        } catch (Exception e) {
            logCriticalInfo(Log.WARN,
                    "Failed to destroy user " + userId + " on volume " + volumeUuid + ": " + e);
        } finally {
            if (wasCredentialProtectionWhileLockedEnabled) {
                StrictMode.enableCredentialProtectedWhileLocked();
            }
        }
    }
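Review bot: Between the call to `getAndDisableCredentialProtectedWhileLocked()` and the `finally`, the detection is off for the whole process rather than only for this call, as far as the StrictMode section of this commit shows (the bit lives in the static `sVmPolicy`). Any unrelated access to credential-protected paths for a locked user that happens on another thread during a user removal therefore goes unreported for that window. The existing comment should say so, for example `// Process-wide: suppresses the credential-protected-while-locked check for all threads until the finally block restores it.` The middle of `destroyUserDataLI` lies outside the visible hunks, so I cannot tell how long the window lasts; if only some of the deletions touch credential-protected storage, narrowing the try to those calls would shrink it.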